diff options
author | cdoern <cdoern@redhat.com> | 2021-10-11 11:01:36 -0400 |
---|---|---|
committer | Matthew Heon <matthew.heon@pm.me> | 2021-10-19 15:56:35 -0400 |
commit | 16fb4161a6853c047f40920adce43049cc428243 (patch) | |
tree | 8bebd2148fcc9fd8f5ef52eac3bc3fc72c2b0279 | |
parent | 3082ba8b7b4489ec0be3886450b2681e16aca17e (diff) | |
download | podman-16fb4161a6853c047f40920adce43049cc428243.tar.gz podman-16fb4161a6853c047f40920adce43049cc428243.tar.bz2 podman-16fb4161a6853c047f40920adce43049cc428243.zip |
Kube Gen run as user/group issues
Removed the inclusion of RunAsUser or RunAsGroup unless a container is run with the --user flag. When building from an image
the user will be pulled from there anyway
resolves #11914
Signed-off-by: cdoern <cdoern@redhat.com>
-rw-r--r-- | libpod/kube.go | 4 | ||||
-rw-r--r-- | test/e2e/generate_kube_test.go | 2 |
2 files changed, 5 insertions, 1 deletions
diff --git a/libpod/kube.go b/libpod/kube.go index 9e1e3ddfe..9c71c8ad6 100644 --- a/libpod/kube.go +++ b/libpod/kube.go @@ -485,6 +485,10 @@ func containerToV1Container(ctx context.Context, c *Container) (v1.Container, [] kubeContainer.Command = nil } + if imgData.User == c.User() { + kubeSec.RunAsGroup, kubeSec.RunAsUser = nil, nil + } + kubeContainer.WorkingDir = c.WorkingDir() kubeContainer.Ports = ports // This should not be applicable diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go index cb987e139..b84977d0d 100644 --- a/test/e2e/generate_kube_test.go +++ b/test/e2e/generate_kube_test.go @@ -942,7 +942,7 @@ USER test1` pod := new(v1.Pod) err = yaml.Unmarshal(kube.Out.Contents(), pod) Expect(err).To(BeNil()) - Expect(*pod.Spec.Containers[0].SecurityContext.RunAsUser).To(Equal(int64(10001))) + Expect(pod.Spec.Containers[0].SecurityContext.RunAsUser).To(BeNil()) }) It("podman generate kube on named volume", func() { |